exploitDog

CVE-2025-50428

Опубликовано: 27 авг. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter.

Ссылки

https://blog.smarttecs.com/posts/2025-004-cve-2025-50428/
Exploit
Third Party Advisory
https://github.com/RaspAP/raspap-webgui/pull/1833
Issue Tracking
Patch
https://blog.smarttecs.com/posts/2025-004-cve-2025-50428/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:raspap:raspap-webgui:*:*:*:*:*:*:*:*

Версия до 3.3.2 (включая)

EPSS

Процентиль: 60%

0.00404

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-mqhg-76g5-3rxv

CVSS3: 9.8

github

21 день назад

In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter.

EPSS

Процентиль: 60%

0.00404

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77